Category: Bookkeeping in Bunny Slippers

Posted on

Cloud Computing Evolved: Disruptive Technology Goes Mainstream

jmbunnyfeetCloud Computing Evolved: Disruptive Technology Goes Mainstream

A 2010 information technology report by IDC (International Data Corporation, a global provider of market intelligence) provided a few interesting predictions for Information Technology in these changing times.  Not surprisingly, many of the predictions centered around the same “ingredients of IT industry transformation” which were identified in past years as being disruptive technologies including cloud computing, mobile devices and applications, wireless broadband, virtualized infrastructure, social networking, and smart devices being among those listed.  The subsequent 2011 report suggested a continuing trend of spending and innovation in cloud technologies and mobile computing and in collecting and analyzing the huge volumes of data being generated.  It is clear that cloud computing is evolving from being disruptive technology to mainstream IT.

Everyone must by now recognize the significant growth in use of online and mobile applications and services.  If you haven’t noticed that just about everyone has a smart phone or tablet computer, then you’ve got your head buried deep in the sand.  What this clearly indicates, and IDC supported the position with quantifiable evidence, is that the “disruptive technologies” of yesterday have transitioned from early adoption to mainstream adoption.   This means that use of these technologies had pushed “well beyond” the first 10 to 15% of the market through 2010, and that customers were ready to integrate these new solutions as core parts of their overall IT strategy.

If you don’t believe that cloud computing, virtualization, and mobile access are becoming (have become?) mainstream, consider the staggering number and variety of mobile devices and networks available today.  The adoption of these devices is driven by the availability of broadband wireless service, and their use is fueled by applications offering “social business” and “pervasive analytics”.  No longer limited as a voice communications device, the mobile phone has now become the mobile workstation, capable of supporting a wide variety of business and personal interactions and functions intended to help users generate and analyze “unprecedented volumes of information” – and the 2011 report indicates that mobile computing is continuing to fuel the trend.

“Mobility wins” will be the top theme of the year as mobile devices outship PCs by more than 2 to 1 and generate more revenue than PCs for the first time. 85 billion mobile apps will be downloaded, and mobile data network spending will exceed fixed data network spending for the first time.

IDC’s 2010 report placed an interesting focus on the impact of this new era of IT, believing that it would be a launchpad for  the creation of “intelligent industry” with an IT-enabled “intelligent economy”.  This doesn’t apply only to those very large multinational corporations, like the IBM commercials about a smarter planet and the commercials where the box tells us where it (and the delivery truck) is.  This new-found intelligence would allow businesses of all sizes to offer better and more customized services locally while dramatically expanding their market reach beyond geographic boundaries, and positioning themselves for accelerated growth.

As the number of intelligent communicating devices on the network will outnumber “traditional computing” devices by almost 2 to 1, the way people think about interacting with each other, and with devices on the network, will change. Look for the use of social networking to follow not just people but smart things.”

Business owners who find a way to leverage this new capability through innovative applications of cloud computing and mobile device access will almost certainly find that their businesses are better suited to addressing the needs of their current market, but are also poised to take advantage of emerging opportunities in emerging markets as well.

In 2010 IDC predicted that by 2012 we would begin to see the “slow death” of cloud computing – the term, not the technology model.  Even though cloud computing is one of the hottest buzzwords in tech today, the model is becoming mainstream to the point where it is no longer considered a bleeding-edge method of computing requiring its own descriptive name. While IDC may have been a bit off in terms of forecasting the slow death of “cloud” terminology, their finding that the evolution of cloud computing models is rapidly progressing from disruptive to mainstream appears to be spot on.

Joanie Mann Bunny FeetMake Sense?
J

updated from original post in 2010
Posted on

Many Companies Are Negligent About SAP Security, Researchers Say – CIO.com

Is your hosting service provider helping to keep your critical business applications secure?  It is not enough to simply harden machine images and develop policy-driven access; application hosting providers need to understand the vulnerabilities introduced by each and every application in the environment.  Otherwise, the system could be exposed to threats directed specifically at the application environment and opportunities it presents.

Many hosting providers will offer customers service for any business application they have, and often provide those services with no significant experience or expertise in dealing with configuration or security issues specific to those applications or environments.  Consider the following report from IDC which indicates that numerous SAP deployments remain vulnerable to attack or intrusion, even though SAP has improved security of the products. The problem rests not exclusively with the SAP applications, but also with the approach to implementation of systems and security around those applications.  Understanding the various vulnerabilities introduced with SAP products is the first step to securing them.  Certainly a skilled IT solution provider is likely to offer a high level of service and capability, but there may be issues presented by various products (like SAP) which introduce additional or unique considerations, and it is important for the service provider to be aware of and address them.

Joanie Mann Bunny FeetMake Sense?

J

IDG News Service — SAP has significantly improved the security of its products over the past few years but many of its customers are negligent with their deployments, which exposes them to potential attacks that could cripple their businesses, according to security researchers.

The biggest issue is that companies expose insecure SAP services to the Internet — not only HTTP services, but also critical administrative interfaces, Alexander Polyakov, chief technology officer at ERPScan, a developer of security monitoring products for SAP systems, said Tuesday.

Between 5 percent and 10 percent of companies that use SAP products expose critical services to the Internet that shouldn’t be publicly accessible, Polyakov said. This happens because they want to enable remote management or because of improper configurations, he said.

Most of the services have vulnerabilities that can be easily attacked, Polyakov said.

Publicly available exploits exist for many SAP vulnerabilities, including some that are part of Metasploit, a popular security testing tool.

The percentage of companies with exposed SAP services differs from country to country. The situation is better in North America and Europe and worse in the Asia-Pacific region, Africa and Latin America, Polyakov said. However, even 5 percent translates to a very large number of companies, he said.

via Many Companies Are Negligent About SAP Security, Researchers Say – CIO.com.

Posted on

HIPAA Privacy and Security and the Cloud

jmbunnyfeet

HIPAA Privacy and Security and the Cloud

Is your cloud solution or hosting service HIPAA compliant?  This is among the most frequently asked questions from professionals shopping for cloud hosting service.  Unfortunately, it is also among the questions most frequently answered with ambiguity, or with naiveté.  The problem is that many businesses dealing with HIPAA compliance responsibilities as it relates to protection and security of personal health information may not fully understand their responsibilities as they extend to outsource IT and other service providers.  In the case of HIPAA compliance, many providers suggest their compliance without truly understanding what it means, and are introducing significant risk to their business and subscribing customers because of it.  With recent changes in rules relating to protection and control of personal health information, it is not just the health care provider, the health plan, 3rd party administrator or others that process health insurance claim information which must agree to provide adequate controls – the requirement may fully extend to business associates of these entities… possibly including their cloud service or hosting solution providers.

Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation. The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS. http://www.hhs.gov/news/press/2013pres/01/20130117b.html

HIPAA guidelines and rules exist to protect and secure personal health information, a requirement growing in importance with advancements in technology, electronic health records, e-billing solutions, and cloud computing adoption.  Where the regulations were once focused on the entity directly involved in generating or processing the information, the view is now extended not only to 3rd party administrators, but also to the technology solutions and providers involved.  When a “covered entity” (an entity with a responsibility to protect and secure personal health information [PHI]) makes a decision to move this information to the cloud, a number of important and complicated issues must be addressed in the agreements with the service or solution provider.  These issues include security and privacy of information (including providing individuals the right to access and request changes to the stored information), tools which may be provided to allow the customer additional security protection, encryption of data at rest and in transmission (and who holds the keys), data location, return of data, disaster recovery, and service levels.

Cloud provider contracts and business associate agreements with cloud providers are not one-size-fits-all and should be negotiated carefully to protect PHI in a manner that accurately reflects the capabilities of the parties http://www.americanbar.org/content/newsletter/groups/labor_law/ebc_newsletter/12_winter_ebc_news/ebc12winter_cloud.html

The provider delivering cloud hosting services to the business may now be considered to be a “business associate” under HIPAA, meaning that the responsibilities of the Customer (the “covered entity”) also extend to their service provider. For any business operating under a HIPAA compliance requirement, moving to the cloud must necessarily involve a detailed discussion and set of agreements that spell out the “business associate” relationship as well as the details of the service delivery and accepted performance levels.

Joanie Mann Bunny FeetMake Sense?

J

Posted on

QuickBooks In-House Hosting Services for Accountants

QuickBooks Hosting Services for IT-Capable Accountants

DIY-SelfHostingSmall businesses in large numbers are looking to the cloud as a platform to deliver solutions for the problems of escalating IT costs, mobility, and remote access to business data. The cloud is also becoming the recommended platform for the delivery of services from accounting and bookkeeping professionals, as the benefits of remote data access and real-time collaboration nicely address the requirement for accounting pros to exchange and share information with their business clients. One of the popular “cloud” hosting solutions addressing a collaborative accounting model is a hosted application approach to using Intuit QuickBooks desktop products. While accounting professionals may be aware that QuickBooks can be hosted by 3rd party providers, many firms are not aware of what is referred to as the “self-host” model, which is a QuickBooks hosting model for accounting firms with some in-house technical capability.

For small businesses and many accounting service providers, working with a 3rd party hosting provider makes a lot of sense, as the host has the infrastructure and the support organization necessary to service large-scale hosted customer requirements.

On the other hand, there are a lot of accounting and bookkeeping firms which have skilled in-house IT personnel who are more than capable of creating a hosting environment to serve not only their internal needs, but also to meet basic requirements of the QuickBooks-using clients they work with. It makes sense to explore the possibilities of implementing a “self-hosting” model for client access to QuickBooks, overcoming the cost and other barriers involved with 3rd party hosting services.

When an accounting firm works with a number of clients with QuickBooks desktop edition files, the firm has to install and manage not only their own software products, but also the relevant QuickBooks software products in use by the various clients (must have the right QB program in order to open the QB data file). This often puts an undue burden on the internal IT systems of the practice which has its own internal-use software and systems to support. With an internal hosting approach, the firm can provide standardized/centralized application hosting services to their clients, building their own “economy of scale” on the platform and reducing the IT management while achieving all the real-time and remote access benefits of an outsourced hosted model. The firm does not experience a retail cost for a hosting solution, and the cost to host the client is generally offset through the efficiency gained at the firm level through direct access to client data and applications.

The technical model for delivering hosting services to a relatively small client base is not overly complicated. Commercial service providers have complex architectures because they must serve a large and diverse client base, and they never really know what sort of devices (computers and printers) or connectivity the customer may have. Commercial providers have to be prepared to deal with any and all situations, where a “self-host” firm needs only to concern themselves with supporting their particular client users and use cases. Additionally, when the solution is offered as part of the accounting or bookkeeping service, the support requirements of the customer tend to be focused during mutual working hours, as opposed to the 24×7 support demanded of the commercial host.

As accountants and bookkeepers search for solutions to improve efficiency, increase profitability and differentiate services, it makes sense for those serving QuickBooks desktop clients and having an in-house IT capability to explore becoming a QuickBooks self-host. It is one possible way to eliminate cost as a barrier to working closer with QuickBooks desktop clients while providing the mobility and collaboration businesses need.

 

Make Sense?

Joanie Mann Bunny FeetJ

Posted on

A Holistic Approach to Cloud IT

holistic: a. Emphasizing the importance of the whole and the interdependence of its parts.

The Internet and cloud computing solutions can help businesses create an environment which allows team members and clients to work together more efficiently; where information can be generated once and used in a variety of ways by different users.  With this new capability to share documents and files in real-time, many businesses are finding that they are generating more electronic information today than ever before – and they’re having a hard time keeping these information assets organized.  With paper documents being digitized to allow for electronic distribution, OCR, and intelligent connecting to transaction data – lots of stored data is being produced and stored in a variety of places.

There are many technology models available, so there are a lot of options for businesses today – options which address the fundamental requirements to convert, store, secure, and distribute the various data types within the enterprise.  When a business elects to use a variety of cloud solutions or providers to address a number of business problems, how does that enterprise wrap its arms around the content which represents, in all actuality, the sum of business intelligence in the enterprise?  Keeping tabs on the business data is critical, but tracking all the data when it is stored with a variety of providers may be very difficult.

Example: If your business uses an online CRM such as Salesforce.com, runs QuickBooks on your local PC, and uses Gmail for email service… exactly where does your business data live?  With Salesforce?  On your local PC?  At Google?  In all 3 places?

Containment of distributed data isn’t the only issue facing businesses today.  Longevity and long-term access to data is a concern, as well.  Solutions and providers that exist today may not exist tomorrow.  If you have data invested in a solution with a short life span (and you probably won’t know this is the case until it’s too late), you may orphan your data and not be able to access it later.   And, if you can get your data from the provider, is it in a useful form or did you lose functionality when you lost the solution?

Example:  Intuit once introduced a paperclip (attached documents service) in QuickBooks, and offered the attached document feature at no charge.  The “free” service from Intuit encouraged a lot of users to migrate from other QuickBooks-connected document management solutions. Then… Intuit announced that the attached documents service would no longer be free.  Users with the service could still get to their documents via a web portal, but not from within QuickBooks, and certainly not as attachments to transactions or other records. Then the attached documents feature was once-again changed, allowing only storage to local PCs rather than on Intuit’s servers. Then, it went away entirely. 

Another issue facing businesses operating in the cloud is one of vendor lock-in (or lock-out), and being able to address the total business requirement.  Point solutions and vendor-specific solutions may address certain business problems, but generally aren’t able to handle all of the needs of a given business.  If your online solution doesn’t address the needs of the entire business, you risk increasing production costs and reducing productivity through duplication of data entry and other activities.

Example: An accounting firm with an insurance division uses Thomson Reuters Virtual Office service, which delivers certain accounting applications along with Microsoft Office on a remote desktop type of connection.  Unfortunately for the firm, the users operating in the insurance division use applications that aren’t supported or available via the Virtual Office solution.  So, certain users have completely disconnected services – a remote desktop serving up their Office apps, and a separate browser-based solution – neither of which integrate or work together.  The complexity and confusion caused by this situation has done little more than increase the burden of duplicate data entry, recreation of documents, and constant download-save-upload activities.

In each of these cases, a “holistic” approach to cloud IT services might have produced better results than by looking at each application or functional “solution” individually.

As an example, consider that a business with in-office and mobile employees needs to use accounting, office productivity, contact management, documents storage, and several browser-based solutions in order to provide the functionality and operational support necessary.    While many of these solutions are individually available online, the business opts to work with a single outsourced IT provider to create their own “private cloud” environment.

The solution includes remote/virtual desktops, hosted accounting applications, hosted Office applications, hosted browser (to allow browser and Internet-based apps to integrate with Office and other apps on the remote desktop), hosted CRM, and hosted document management… all applications that the business selects and might even have been using for years are included.

All  applications are delivered on the remote desktop environment, providing users with the ability to open documents instantly, save and share files seamlessly, and participate in a central company-wide document store.

All applications are licensed to the business, so they have the flexibility of returning to local IT operations simply by implementing their own software in their own network and taking the data off the host.

Because all of the business data resides on this single hosting platform, the business is able to not only keep control of all information assets, but is also able to back up and protect (preserve) that data in its entirety.

Now doesn’t that make sense?

J

Learn more…

 

Posted on

Sustainability and the Humanization of Work

Sustainability and the Humanization of Work

Joanie Mann Bunny FeetFew problems in business are truly solved simply by throwing more money and resources at them.  Certainly, having the people, tools and supplies to get the work done well is a business requirement, and many organizations take a “building out” approach to addressing growing workloads and customer demand.  On the other hand, there are business owners who recognize that things can always be accomplished better and more efficiently, and that improvements in these areas can make the difference between ending up with an overburdened organization with more mass than agility, or a lean organization with the ability to sustain itself while continuously adjusting to meet changing internal and external challenges.

It is said that the only constant is change, and businesses must find a way to effectively and cost-efficiently meet changing demands and conditions in order to survive.  What frustrates many business owners is that change is generally disruptive to the business, representing a significant challenge when it comes to the re-development of internal processes and procedures.   At issue is the understanding that proven, structured and repeatable processes help to improve efficiency, yet changing conditions often require changes to these processes.  In many cases, businesses find that the requirement to structure and document activities is work that must be re-done in the event of broad changes.  Too often, the work falls by the wayside because the minute it is completed, some change comes along and renders it obsolete.  It is somewhat like the child who questions making their bed each day, as they’re just going to sleep in it again and make it messy.

There may be a solution, and a lesson to be learned, in the “kaizen” approach to change and improvement.  Wikipedia’s entry on Kaizen identifies the meaning of the Japanese-Kanji word as simply “good change”.  Similar to the English word “improvement”, kaizen does not refer specifically to any single or ongoing change.  Rather, it has come to describe an approach to business which recognizes the potential for improvement – improvement in work product, work conditions, worker satisfaction, and worker performance – at all levels throughout the enterprise.  Further, kaizen does not describe change as being broad-ranging or particularly intrusive.  Beneficial (good) change may come at any level and may be identified by almost any source.

Kaizen is a daily process, the purpose of which goes beyond simple productivity improvement. It is also a process that, when done correctly, humanizes the workplace, eliminates overly hard work (“muri”), and teaches people how to perform experiments on their work using the scientific method and how to learn to spot and eliminate waste in business processes. http://en.wikipedia.org/wiki/Kaizen

The ultimate business goals are, of course, improved productivity, product quality and profitability.  A “Kaizen” approach to business recognizes that these goals are often met through gaining the participation of the entire organization.  Whether approached as individual effort, small or large group, or via suggestion system, the purpose is to nurture the company’s human resource and help focus it towards making improvements in work environment and activities which lead to improved productivity.  After all, the most valuable asset a business has is its people.  It is logical to apply this individual and collective intelligence and source of business knowledge towards making the company better – and a better place to work.

Make sense?

J